惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
T
Tenable Blog
Project Zero
Project Zero
C
Cybersecurity and Infrastructure Security Agency CISA
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
S
Schneier on Security
Scott Helme
Scott Helme
S
Securelist
Know Your Adversary
Know Your Adversary
Vercel News
Vercel News
IT之家
IT之家
V
V2EX
F
Fortinet All Blogs
Simon Willison's Weblog
Simon Willison's Weblog
K
Kaspersky official blog
博客园_首页
T
Tailwind CSS Blog
The GitHub Blog
The GitHub Blog
Spread Privacy
Spread Privacy
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
有赞技术团队
有赞技术团队
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
The Hacker News
The Hacker News
L
LINUX DO - 热门话题
Hugging Face - Blog
Hugging Face - Blog
博客园 - 三生石上(FineUI控件)
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CXSECURITY Database RSS Feed - CXSecurity.com
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CERT Recently Published Vulnerability Notes
S
SegmentFault 最新的问题
AWS News Blog
AWS News Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
罗磊的独立博客
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
The Cloudflare Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Vulnerabilities – Threatpost

hackers Archives - VICE

Hackers Are Spreading Malware Through LinkedIn Comments Now Feds Want to Ban the World’s Cutest Hacking Device. Experts Say It's a ‘Scapegoat’ Hackers Took Over Transit Ads with Messages from Queer Palestinians in Gaza ‘Windows for Gamers’ Rolls Dice With Your Security The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers Smart Garage Company Fixes Vulnerability by Breaking Customers' Devices Hackers Can Remotely Open Smart Garage Doors Across the World The Cure Tried to Stop Scalpers. Brokers Are Selling Entire Ticketmaster Accounts Instead Inside the DEA Tool Hackers Allegedly Used to Extort Targets
Senator Asks Big Banks How They're Going to Stop AI Cloned Voices From Breaking Into Accounts
Joseph Cox · 2023-05-05 · via hackers Archives - VICE

The chairman of the Senate committee that provides oversight of the banking sector has sent letters to the CEOs of the country’s biggest banks asking what they plan to do about the looming threat of fake voices created with artificial intelligence being used to break into customers’ accounts.

The move comes after Motherboard used an AI-powered system to clone a reporter’s voice, and then used that to fool a bank’s voice authentication security system. That investigation showed that just a few minutes of a target’s voice audio was enough to generate a clone that was convincing enough to break into a bank account, potentially putting the public at risk of such attacks, and especially those with a public presence such as politicians, journalists, podcast hosts, streamers, and more.

Videos by VICE

“In recent years, financial institutions have promoted voice authentication as a secure tool that makes customer authentication faster and safer. Customers have used voice authentication tools to gain access to their accounts. According to news reports, however, voice authentication may not be foolproof, and it highlights several concerns,” Senator Sherrod Brown, chairman of the U.S. Senate Committee on Banking, Housing, and Urban Affairs, wrote in the letters.

Brown sent the letters to the CEOs of JP Morgan Chase & Co., Bank of America, Wells Fargo, Morgan Stanley, Charles Schwab, and TD Bank.

“We seek to better understand what measures financial institutions are taking to ensure the security of the voice authentication tools and the steps they are taking to ensure strong data privacy for voice data. Like a fingerprint, face id, or retinal scan, voice data is among the most intimate types of data that can be collected about a person. Consumers deserve to understand how their voice data is being collected, stored, used, and retained,” Brown continues.

The letter points specifically to Motherboard’s earlier investigation. For that February article, Motherboard used a voice cloning service from an AI startup called ElevenLabs. At the time of the test, Motherboard was able to generate the voice for free. Motherboard uploaded about five minutes of audio to the service, which then provided the ready-to-use synthetic voice a short while later.

Do you know anything else about bank voice ID, or how AI voices are being abused? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

ElevenLabs has already been tied to multiple cases of real world abuse. Members of 4chan used the service to make synthetic versions of celebrities’ voices, including one that sounded like Emma Watson which the users made read Mein Kampf. A group of trolls then doxed specific voice actors and used synthetic voices as part of the harassment campaign (the attackers claimed ElevenLabs’ tool was used, but ElevenLabs told Motherboard at the time that only one clip, which did not include the targets’ addresses, was made with its software).

Motherboard tested the cloned voice on the authentication system of Lloyds Bank in the UK. Many banks in the U.S. use similar systems, such as TD Bank’s “VoicePrint” and Chase’s “Voice ID.” At the time, TD Bank, Chase, and Wells Fargo did not respond to a request for comment. In September, lawyers filed suit against a group of U.S. financial institutions because they believe biometric voice prints used to identify callers violates California law.

In his letter to the banks, Brown asks each to describe their use of voice authentication services, including whether they are using third-party provided tools; how frequently customers use voice authentication; how the banks respond to breaches due to flaws in voice authentication; and where customer voice data is stored. Brown gave the banks until May 18 to respond.

As for the broader threat AI voice cloning poses to the public, Brown adds “Worryingly, the prevalence of video clips publicly available on Instagram, TikTok, and YouTube have made it easier than ever for bad actors to replicate the voices of other people.”

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our Twitch channel.